Some enterprises that are happy to put their data in a public cloud prefer to keep the keys to that data under their own control. That’s the message online file sync and sharing services are sending lately.

On Wednesday, EMC’s Syncplicity division announced Customer Managed Keys, a feature that lets enterprises store the encryption keys for their Syncplicity shared data on a rights management server on their own premises. It’s a new option in addition to having the keys stored in Syncplicity’s cloud.

The announcement came just a couple of months after rival Box released its own private key-management feature into beta testing. That system, called EKM (Enterprise Key Management), may become generally available on Wednesday at the Box Dev conference in San Francisco. EKM likewise was added as an alternative to keeping keys in the vendor’s cloud.

Cloud storage can make it easier for employees and partners to get to enterprise data and share it among themselves on different devices, and cloud services already encrypt the data they store. But due to regulatory and other concerns, some organizations want to maintain control of that encryption themselves. Several smaller companies, including Sookasa, SafeMonk and nCrypted Cloud, specialize in tools for secure cloud-based file-sharing.

For Customer Managed Keys, Syncplicity provides rights-management server software that customers can install on their own hardware. With it, enterprises can hold both the data and the keys to it within their own walls. Syncplicity doesn’t have a trusted relationship with the customer storage or rights-management system, so both are beyond the reach of its servers.

The new option works in conjunction with granular rights-management features that Syncplicity announced last year. They let enterprises apply different access rights per file and per user and even retract access to a shared file, Vijay Ganti, head of product marketing at EMC Syncplicity.